MyRHC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. As a Massachusetts-based provider of research, health, and compliance services, we adhere to HIPAA, Massachusetts data privacy laws (201 CMR 17.00), and industry best practices.
Information We Collect
Personal Information
We collect information that you provide directly to us, including:
- Name, email address, phone number, and job title
- Company/institution name and location
- Infrastructure and compliance assessment information
- Communications and correspondence with our team
Automatically Collected Information
When you visit our website, we automatically collect:
- IP address and browser type
- Operating system and device information
- Pages visited and time spent on our website
- Referring website or source
How We Use Your Information
We use collected information for the following purposes:
- To provide, maintain, and improve our services
- To respond to your inquiries and requests for assessment
- To communicate with you about our services, updates, and compliance resources
- To analyze website usage and improve user experience
- To comply with legal obligations and industry regulations
- To protect against fraud, security breaches, and malicious activity
Information Sharing and Disclosure
We do not sell your personal information. We may share your information with:
- Service Providers: Third-party vendors who assist us in providing services (e.g., email delivery, analytics, hosting)
- Business Partners: With your consent, we may share information with partners who provide complementary services
- Legal Requirements: When required by law, regulation, or legal process
- Business Transfers: In connection with any merger, sale, or acquisition of all or part of our business
AI-Powered Features
MyRHC offers optional AI-powered features to assist with compliance guidance. This section explains how your data is handled when using these features.
Third-Party AI Provider
AI features are powered by third-party AI providers (currently xAI Grok via OpenRouter). When you use AI features:
- Your queries are sent to the third-party AI provider for processing
- Responses are generated by the AI provider and returned to you through our platform
- The AI provider may process your queries according to their privacy policy and terms
- We recommend reviewing the AI provider's privacy practices at OpenRouter's Privacy Policy
What We Do NOT Store
To protect your privacy, we do NOT store:
- The content of your AI queries (prompts)
- AI-generated responses
- Any data you input into AI features
What We DO Log
For audit, compliance, and service improvement purposes, we log metadata about AI feature usage:
- Feature type used (e.g., compliance advice, remediation guidance)
- Timestamp of usage
- Response time (for performance monitoring)
- Success/failure status
- Token counts (for usage tracking, not content)
- IP address (for security purposes)
Prohibited Data
You must NEVER submit the following to AI features:
- Protected Health Information (PHI) - Patient names, medical records, diagnoses, or any HIPAA-protected data
- Personally Identifiable Information (PII) - Social security numbers, financial accounts, passwords
- Confidential Business Information - Trade secrets, proprietary research, NDA-protected data
- Sensitive Employee Data - Personnel records, disciplinary information
Consent and Control
Before using AI features, you must:
- Explicitly opt in through our consent process
- Acknowledge that you will not submit PHI or PII
- Confirm you have consulted with your organization's Data Protection Officer or compliance team
- Accept our Terms of Service (which includes AI-specific terms)
You may revoke your AI consent at any time through your account settings. Upon revocation, you will no longer have access to AI-powered features, and no further AI-related data will be logged.
Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit and at rest (TLS 1.2+, AES-256)
- Access controls and authentication mechanisms
- Regular security assessments and vulnerability testing
- Secure hosting infrastructure with HIPAA-compliant data centers
- Employee training on data privacy and security
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
Your Rights and Choices
You have the following rights regarding your personal information:
- Access: Request access to the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal obligations)
- Opt-Out: Unsubscribe from marketing communications at any time
- Data Portability: Request a copy of your information in a structured, machine-readable format
To exercise these rights, please contact us at [email protected].
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve your browsing experience and analyze website traffic. You can control cookies through your browser settings. Note that disabling cookies may limit the functionality of our website.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.
Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.
Massachusetts-Specific Rights
As a Massachusetts-based organization, we comply with Massachusetts data privacy law (201 CMR 17.00). Massachusetts residents have additional rights under state law, including:
- The right to receive notice of data breaches affecting personal information
- Protection of personal information through comprehensive security programs
- Encryption of personal information during transmission and storage
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new "Last Updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us: